Friday 08 October 2004

SANS Top 20 Internet Security Vulnerabilities

SANS has updated their list of top 20 internet security vulnerabilities for 2004

Top Vulnerabilities to Windows Systems in 2004 compared to 2003

RankTop Vulnerabilities to Windows Systems in 2004Top Vulnerabilities to Windows Systems in 2003
1Web Servers & ServicesInternet Information Services (IIS)
2Workstation ServiceMicrosoft SQL Server (MSSQL)
3Windows Remote Access ServicesWindows Authentication
4Microsoft SQL Server (MSSQL)Internet Explorer (IE)
5Windows AuthenticationWindows Remote Access Services
6Web BrowsersMicrosoft Data Access Components (MDAC)
7File-Sharing ApplicationsWindows Scripting Host (WSH)
8LSAS ExposuresMicrosoft Outlook and Outlook Express
9Mail ClientWindows Peer to Peer File Sharing (P2P)
10Instant MessagingSimple Network Management Protocol (SNMP)

Top Vulnerabilities to Windows Systems in 2004 compared to 2003

RankTop Vulnerabilities to UNIX Systems in 2004Top Vulnerabilities to UNIX Systems in 2003
1BIND Domain Name SystemBIND Domain Name System
2Web ServerRemote Procedure Calls (RPC)
3AuthenticationApache Web Server
4Version Control SystemsGeneral UNIX Authentication Accounts with No Passwords or Weak Passwords
5Mail Transport ServiceClear Text Services
6Simple Network Management Protocol (SNMP)Sendmail
7Open Secure Sockets Layer (SSL)Simple Network Management Protocol (SNMP)
8Misconfiguration of Enterprise Services NIS/NFSSecure Shell (SSH)
9DatabasesMisconfiguration of Enterprise Services NIS/NFS
10KernelOpen Secure Sockets Layer (SSL)

Related Reading